-
Notifications
You must be signed in to change notification settings - Fork 4
/
README-SSL
35 lines (23 loc) · 1.91 KB
/
README-SSL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
There are 2 methods of using SSL with Gnoga, 1 is direct SSL support and the second is via proxy.
See ssl/gnoga-server-secure.ads for direct gnoga support of ssl. It requires installing libgnutls28-dev (e.g. apt-get install libgnutls28-dev on Debian)
You can run make test_ssl to create a test ssl app using a localy signed certificate, then to run bin/layouts_ssl
Note:
When purchasing SSL certificates, when using gnutls such as with Gnoga direct ssl support or using Apache that also uses gnutls, append the intermediate certificate to the bottom of your certificate, if there is one (and there usually is with cheaper certificates), to properly create a chain of trust back to the root certificates installed in the browsers visiting your secure server.
Here is an example of using Apache to Proxy SSL:
Setup your proxy to use an ssl connection:
1) Create your self signed certificate for testing. Of course for production you will want to purchase a real certificate:
openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt -subj '/O=Botton/OU=Gnoga/CN=snake.gnoga.com'
2) I added a config:
<VirtualHost *:443>
ServerName snake.gnoga.com
ServerAdmin [email protected]
SSLEngine on
SSLCertificateFile /home/dbotton/workspace/ssl/server.crt
SSLCertificateKeyFile /home/dbotton/workspace/ssl/server.key
SSLCertificateChainFile /home/dbotton/workspace/ssl/intermediate_certs.crt
ProxyPass /gnoga ws://127.0.0.1:8080/gnoga
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
If you purchase your SSL certs from a CA that is lower tier you will need their intermediate certificate to validate their authority back to one of the main CAs. This is common for the less expensive SSL certs sold. This will also not be needed if using self generated certifcates for testing.
Now https://snake.gnoga.com will be a secure connection.